Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13272622A3744B3350FAB02CDA785B2D89331F344A2711EC1F1A941BDDADADF6B126B54 |
|
CONTENT
ssdeep
|
384:6tKMkNSC/rAdyG1O6sMB98V+hEw7fMmUFCocT:jTtG1zJ9i+Ew7fBUsNT |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b146ce1b95a564ea |
|
VISUAL
aHash
|
000000020a00ffff |
|
VISUAL
dHash
|
e8888a9a9a8a5e30 |
|
VISUAL
wHash
|
000062ceea4affff |
|
VISUAL
colorHash
|
3ae00008000 |
|
VISUAL
cropResistant
|
ec8e99ada0b13133,9c78e1c3c6c6c3f0,181c5d34ec183434,e830888a9a9a9ada |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)